CVE-2019-25285
Unquoted Service Path in Alps ApHidMonitorService Enables Privilege Escalation
Publication date: 2026-02-05
Last updated on: 2026-02-05
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| alps | pointing-device_controller | to 8.1202.1711.04 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-428 | The product uses a search path that contains an unquoted element, in which the element contains whitespace or other separators. This can cause the product to access resources in a parent path. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
[{'type': 'paragraph', 'content': "The Alps Pointing-device Controller version 8.1202.1711.04 contains an unquoted service path vulnerability in the 'ApHidMonitorService'. Because the service path is unquoted and contains spaces, a local attacker with limited privileges can place a malicious executable in a part of the service path. When the service restarts or the system reboots, the system may execute this malicious executable with elevated system-level privileges, allowing the attacker to run code as the LocalSystem account."}] [1, 3]
How can this vulnerability impact me? :
This vulnerability allows local attackers to escalate their privileges from limited user rights to system-level access. By placing a malicious executable in the unquoted service path, an attacker can execute arbitrary code with elevated privileges when the service restarts or the system reboots. This can lead to full system compromise, including unauthorized access to sensitive data, modification or deletion of files, and disruption of system availability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
[{'type': 'paragraph', 'content': 'This vulnerability can be detected by checking for unquoted service paths in the ApHidMonitorService on affected systems.'}, {'type': 'paragraph', 'content': 'You can use Windows Management Instrumentation Command-line (WMIC) and Service Control (SC) commands to discover the unquoted service path.'}, {'type': 'list_item', 'content': 'Use the command: wmic service where "name=\'ApHidMonitorService\'" get PathName'}, {'type': 'list_item', 'content': 'Use the command: sc qc ApHidMonitorService'}, {'type': 'paragraph', 'content': 'If the service path returned contains spaces and is not enclosed in quotes, the system is vulnerable.'}] [1, 3]
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately ensure that the service path for ApHidMonitorService is properly quoted to prevent execution of malicious executables.
You should also restrict local user permissions to prevent placing executables in the vulnerable path segments.
Additionally, consider restarting the service or the system after applying fixes to clear any malicious executables that might have been placed.
If possible, update or patch the Alps Pointing-device Controller software to a version that addresses this vulnerability.